One or more computer processors identify a first certificate that is used to establish a secure Internet connection. One or more computer processors identify a stored second certificate that shares at least one attribute with the first certificate. One or more computer processors determine a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the second certificate.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for determining a policy action for a connection in which certificates are utilized in a secure network connection, the method comprising: identifying, by one or more computer processors, a first certificate that is used to establish a secure Internet connection; identifying, by one or more computer processors, a stored second certificate that shares at least one attribute with the first certificate, wherein identifying a stored second certificate includes comparing one or more attributes of the first certificate with one or more attributes from each stored certificate from a plurality of stored certificates; and determining, by one or more computer processors, a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the stored second certificate.
A method for managing secure network connections using certificates compares a certificate from the current connection with stored certificates to determine a policy action. The system identifies a certificate used to establish a secure internet connection (like HTTPS). It then searches a database of stored certificates, comparing attributes of the current certificate to attributes of each stored certificate. Based on the comparison, a policy action is determined. This allows the system to react to potentially malicious or untrusted certificates based on comparison results.
2. The method of claim 1 , further comprising: executing, by one or more computer processors, the determined policy action on a client computing device.
The method of managing secure network connections includes executing a policy action (from the comparison of a certificate used to establish a secure internet connection and a stored second certificate that shares at least one attribute with the first certificate) on a client computing device. This allows the system to actively respond to certificate verification results, e.g., blocking a connection or displaying a warning message directly on the user's machine.
3. The method of claim 1 , wherein identifying a first certificate that is used to establish a secure Internet connection comprises: identifying, by one or more computer processors, a certificate that is utilized to establish a secure Internet connection via deep-packet inspection; and storing, by one or more computer processors, the identified certificate in a storage device.
The method of managing secure network connections specifies how the current connection's certificate is identified: It uses deep-packet inspection to extract the certificate used to establish a secure Internet connection. The identified certificate is then stored in a storage device. This enables the system to analyze the secure connection's certificate and use it for comparison against stored certificates.
4. The method of claim 1 , wherein the secure Internet connection is one or both of a cryptographic protocol, or an encryption protocol, wherein the one or both of the cryptographic protocol, or the encryption protocol, is one or more of a secure socket layer connection, or a transport layer security.
In the method of managing secure network connections, the secure Internet connection is a cryptographic or encryption protocol such as Secure Socket Layer (SSL) or Transport Layer Security (TLS). The system therefore analyzes SSL or TLS connections to determine a policy action for a connection in which certificates are utilized in the secure network connection.
5. The method of claim 1 , wherein the stored second certificate is located in a database that is at least in part managed by an in-line computing device.
In the method of managing secure network connections, the stored certificates used for comparison are located in a database. This database is at least partly managed by an in-line computing device. This means the certificate database can be updated and maintained by a network appliance that actively monitors and manages network traffic.
6. The method of claim 1 , wherein determining the policy action occurs after the secure Internet connection has been established.
In the method of managing secure network connections, the policy action based on the certificate comparison is determined *after* the secure Internet connection has already been established. This implies the system allows the connection initially but monitors and evaluates the certificate in the background to decide on a subsequent policy adjustment.
7. The method of claim 1 , wherein determining, by one or more computer processors, a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the stored second certificate comprises: determining, by one or more computer processors, that a type of attribute of the first certificate includes content that is different than a content of a same type of attribute of the second certificate; and executing, by one or more computer processors, the policy action based, at least in part, on a difference in the content of the type of attribute of the first certificate and the content of the same type of attribute of the second certificate.
The method of managing secure network connections bases its policy action on a difference between the current connection's certificate and a stored certificate. It determines that a specific attribute of the current certificate has different content than the same attribute in the stored certificate. For example, if the "common name" field differs. Then, the policy action is executed based on this difference. This allows for fine-grained control based on specific certificate attributes.
8. The method of claim 5 , wherein the stored second certificate was received during the establishment of a previous secure Internet connection.
In the method of managing secure network connections where the stored certificates reside in a database managed by an in-line computing device, the stored certificates were previously received during the establishment of prior secure internet connections. This indicates that the system builds its database of trusted or suspicious certificates by observing past connections and storing the associated certificates.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
June 2, 2015
March 21, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.